Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill documents capabilities to read environment variables, read local shell configuration files, and make outbound network requests, but it does not declare equivalent permissions or clearly scope them. This creates a transparency and consent problem: a user may invoke a seemingly simple ranking lookup skill without realizing it can inspect local files for secrets and transmit data to an external service.
